VAR-201006-0363
Vulnerability from variot - Updated: 2025-04-11 21:37

Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. (Note: this nslookup sentence appears to come from the CERT/CC VU#18419 source merged into this record, whose title below is "IBM AIX nslookup fails to drop root privileges" and whose release date is 2001; it does not describe the DI-604 Ping tools issue and should be checked against the NVD entry for CVE-2010-2292 before it is relied on.) The D-link DI-604 is a small router device. The 'Ping tools' web interface does not validate the length of the IP text field; changing the field's size and sending a request longer than 500 characters can cause a denial of service. The same text field is also vulnerable to cross-site scripting. Dlink Di-604 products are prone to a cross-site scripting vulnerability and a denial-of-service vulnerability because the devices fail to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-604",
"scope": null,
"trust": 1.7,
"vendor": "d link",
"version": null
},
{
"model": "di-604",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "di-615",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"db": "BID",
"id": "40691"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:di-604",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DcLabs - Sponsor: Crash",
"sources": [
{
"db": "BID",
"id": "40691"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
}
],
"trust": 0.9
},
"cve": "CVE-2010-2292",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-2292",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-44897",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2292",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#18419",
"trust": 0.8,
"value": "2.76"
},
{
"author": "NVD",
"id": "CVE-2010-2292",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-252",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44897",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "VULHUB",
"id": "VHN-44897"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. The D-link DI-604 is a small router device. The \u0027Ping tools\u0027 WEB interface does not verify the size of the ip textfield, changing its size, and sending requests exceeding 500 characters can cause a denial of service attack. There is also a cross-site scripting attack on this textfield. Dlink Di-604 products are prone to a cross-site scripting and a denial-of-service vulnerability because the devices fail to properly handle user-supplied input. \nAn attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2292"
},
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"db": "BID",
"id": "40691"
},
{
"db": "VULHUB",
"id": "VHN-44897"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2292",
"trust": 2.8
},
{
"db": "BID",
"id": "40691",
"trust": 2.6
},
{
"db": "XF",
"id": "604",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#18419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-1083",
"trust": 0.6
},
{
"db": "XF",
"id": "59364",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100608 DLINK DI-604 ROUTER AUTHENTICATED USER PING TOOL XSS AND DOS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-44897",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"db": "VULHUB",
"id": "VHN-44897"
},
{
"db": "BID",
"id": "40691"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"id": "VAR-201006-0363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"db": "VULHUB",
"id": "VHN-44897"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1083"
}
]
},
"last_update_date": "2025-04-11T21:37:29.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
},
{
"title": "Wireshark 1.2.9",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3692"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44897"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/40691"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/511751/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59364"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/604.php"
},
{
"trust": 0.8,
"url": "http://groups.google.com/groups?q=ers-sva-e01-1997:008.1\u0026hl=en\u0026rnum=3\u0026selm=6383r7%24kts%243%40watnews1.watson.ibm.com"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2292"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2292"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/511751"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/59364"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/511751/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.3,
"url": "/archive/1/511751"
},
{
"trust": 0.3,
"url": "/archive/1/511840"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"db": "VULHUB",
"id": "VHN-44897"
},
{
"db": "BID",
"id": "40691"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"db": "VULHUB",
"id": "VHN-44897"
},
{
"db": "BID",
"id": "40691"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-26T00:00:00",
"db": "CERT/CC",
"id": "VU#18419"
},
{
"date": "2010-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"date": "2010-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-44897"
},
{
"date": "2010-06-09T00:00:00",
"db": "BID",
"id": "40691"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"date": "2010-06-15T14:04:26.767000",
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-27T00:00:00",
"db": "CERT/CC",
"id": "VU#18419"
},
{
"date": "2010-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1083"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-44897"
},
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "40691"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004146"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-252"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM AIX nslookup fails to drop root privileges",
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-252"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.